IDENTIFY CONTROL SECURITY TYPES Flashcards
(27 cards)
What is the focus of this section in the CySA+ course?
Identifying security control types within Domain 2: Vulnerability Management, specifically Objective 2.5 - explaining concepts related to vulnerability response, handling, and management.
What are the first topics covered in this section?
The different roles and responsibilities associated with cybersecurity.
What is the role of the Security Operations Center (SOC) in cybersecurity?
The SOC integrates into an organization’s overall security structure to monitor, detect, and respond to cybersecurity threats.
What framework is discussed in this section?
NIST Special Publication 800-53, which provides a catalog of security and privacy controls for US federal information systems.
Why is NIST SP 800-53 relevant to CySA+?
It includes testable control categories that are part of the CySA+ exam.
What is the purpose of selecting security controls?
To mitigate vulnerabilities and enforce the confidentiality, integrity, and availability (CIA) of systems and networks.
How does this section conclude?
With a short quiz reviewing key concepts and explanations for each question.
What are some common roles in cybersecurity?
Cybersecurity Analyst, Specialist/Technician, Cybercrime Investigator, Incident Response Analyst, Penetration Tester, Engineer, and Chief Information Security Officer (CISO).
What is the primary role of a Cybersecurity Analyst?
To protect sensitive information and prevent unauthorized access to electronic data and systems. They serve as network defenders responsible for securing various devices.
What is the difference between a Junior and Senior Cybersecurity Analyst?
Junior analysts typically have 2-4 years of experience in IT/security roles before being promoted. Senior analysts oversee junior analysts and report to security managers or CISOs.
What is the role of the Chief Information Security Officer (CISO)?
The CISO is a senior executive responsible for governance, risk management, and leading cybersecurity strategy within an organization.
What security functions might a cybersecurity analyst perform?
Implementing/configuring security controls (firewalls, IDS), working in a SOC, conducting risk and vulnerability assessments, responding to incidents, and maintaining threat intelligence.
What is the purpose of a Security Operations Center (SOC)?
A SOC is a centralized unit that continuously monitors and analyzes security threats to detect and respond to cybersecurity incidents.
What is a Computer Security Incident Response Team (CSIRT)?
A CSIRT is responsible for responding to cybersecurity incidents, such as data breaches and attacks, to mitigate their impact.
What type of assessments might a cybersecurity analyst conduct?
Risk assessments, vulnerability assessments, and penetration tests to identify and mitigate security threats.
Why is threat intelligence important for cybersecurity analysts?
Threat intelligence helps analysts stay updated on evolving threats, enabling them to implement appropriate countermeasures to protect their organization.
What are the key qualities of a good cybersecurity analyst?
Creative thinking and problem-solving skills, the ability to analyze security threats, and the ability to communicate findings effectively to both technical and non-technical audiences.
Why is communication important for cybersecurity analysts?
Analysts must explain security issues and solutions to senior management in non-technical terms to ensure proper risk management decisions.
How do you select the appropriate security controls for a system?
By considering the CIA Triad (Confidentiality, Integrity, Availability) to ensure full security coverage.
What security principle is upheld by encryption?
Confidentiality - encryption ensures that unauthorized users cannot access sensitive data.
What security principle is upheld by digital signatures?
Integrity - digital signatures verify that data has not been altered.
What security principle is upheld by scalable cloud computing?
Availability - cloud elasticity ensures resources are available to meet demand.
Why is it important to combine multiple security controls?
No single control ensures Confidentiality, Integrity, and Availability (CIA) - a layered approach is needed.
How can you improve confidentiality in a backup system?
By implementing encryption or access control systems to restrict unauthorized access.